CVE-2011-1167

Published: 28 March 2011

Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.

Priority

Status

Package	Release	Status
tiff Launchpad, Ubuntu, Debian	upstream	Needs triage
	dapper	Released (3.7.4-1ubuntu3.11)
	hardy	Released (3.8.2-7ubuntu3.9)
	karmic	Released (3.8.2-13ubuntu0.6)
	lucid	Released (3.9.2-2ubuntu0.6)
	maverick	Released (3.9.4-2ubuntu0.3)
	Patches: upstream: http://bugzilla.maptools.org/show_bug.cgi?id=2300

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
http://www.zerodayinitiative.com/advisories/ZDI-11-107
https://ubuntu.com/security/notices/USN-1102-1
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=684939
http://bugzilla.maptools.org/show_bug.cgi?id=2300

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›